Setting Intrusion Rule States

Intrusion rule states are policy-specific.

Procedure

Step 1

Choose Policies > Access Control > Intrusion.

Step 2

Click Snort 2 Version next to the policy you want to edit.

If View (View button) appears instead, the configuration belongs to an ancestor domain, or you do not have permission to modify the configuration.

Tip
This page indicates the total number of enabled rules, the total number of enabled rules set to Generate Events, and the total number set to Drop and Generate Events. Note also that in a passive deployment, rules set to Drop and Generate Events only generate events.

Step 3

Click Rules immediately under Policy Information in the navigation panel.

Step 4

Choose the rule or rules where you want to set the rule state.

Step 5

Choose one of the following:

  • Rule State > Generate Events
  • Rule State > Drop and Generate Events
  • Rule State > Disable

Step 6

To save changes you made in this policy since the last policy commit, click Policy Information in the navigation panel, then click Commit Changes.

If you leave the policy without committing changes, changes since the last commit are discarded if you edit a different policy.

What to do next

  • Deploy configuration changes.